CVE-2024-50611 | THREATINT

Description

CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake.

Reserved 2024-10-27 | Published 2024-10-27 | Updated 2024-10-30 | Assigner mitre

References

github.com/CycloneDX/cdxgen/releases

github.com/CycloneDX/cdxgen/issues/1328

owasp.org/www-project-dep-scan/

cve.org (CVE-2024-50611)

nvd.nist.gov (CVE-2024-50611)

Download JSON

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat

Subscribe to our newsletter to learn more about our work.